Skip to content

Malware That Prompt-Injects Your AI Code Scanner

A reported campaign hides payloads from AI-powered security scanners by injecting weapons-related text that trips the scanner's own safety refusals. Single-source so far — but the technique class is worth understanding now.

Nagui Pinetta Lost Bytes · measured, not marketed

Bottom line: Tom’s Hardware reports a malware campaign (“Hades”) that evades AI-powered code scanners by embedding text about nuclear and biological weapons in development packages. The text trips the scanning model’s safety failsafes, the scan halts on the refusal, and the actual payload goes unread. Treat this as reported, single-source, low-confidence on specifics — but the technique class is real and worth your attention regardless of whether this particular campaign holds up.

How it works (as described). AI-assisted scanners pass code to a model and ask it to flag malicious behavior. If an attacker salts the package with content the model is trained to refuse — weapons-synthesis text, in this case — the model can bail out of the task instead of completing the scan. The refusal is the exploit: the safety behavior that protects users in a chat becomes a denial-of-analysis primitive in a scanning pipeline. This is prompt injection aimed not at making the model do something, but at making it stop.

Who’s realistically affected. Anyone whose dependency-scanning or code-review gate is only an LLM with no deterministic layer underneath. The exposure is the supply chain — a poisoned package sailing through review because the reviewer flinched.

What to actually do (these hold whether or not Hades is real):

  1. Never let an AI scanner be the only gate. Keep deterministic checks — signature/heuristic scanners, dependency pinning, provenance/SBOM, build reproducibility — as the floor. The model is an addition, not a replacement.
  2. Treat a refusal or error from a scanner as a failure, not a pass. If the model won’t complete the scan, the item should be quarantined for human review, never waved through.
  3. Strip or neutralize untrusted content before it reaches the model, and isolate scanning prompts from the code under analysis so injected instructions can’t hijack the task.

Confidence, stated plainly: the concept — prompt-injection against AI security tooling — is well-established and confirmed in the research literature. This specific campaign I could not independently verify; the primary article body wouldn’t load, so everything above about “Hades” is vendor/outlet-reported, not confirmed here. The defensive posture stands on its own merits either way.

Source: Tom’s Hardware — Hades malware campaign tricks AI scanners with fake nuclear weapon prompts. Surfaced via Noise Distiller correlation across two sources; details thin pending a fuller write-up.

security ai supply-chain prompt-injection
Previous When a Model Becomes a Munition: The Fable & Mythos Suspension Next AMD's Gorgon Point Closes the Mini-PC Gap on the M4 Pro